Comment by tkinom

4 years ago

For anyone who likes to hack legally and ethically, check out https://www.hackerone.com/. If you're very good at hacking devices, software, networks, etc., companies will pay bounties for the vulnerabilities you find through HackerOne.

Looks like they paid out millions in bounty in 2020:

    https://www.zdnet.com/article/hackerones-2020-top-10-public-bug-bounty-programs/

Worth a try, but I didn't have a good experience with it.

Companies can mark items as duplicates without fixing the underlying bug for an indefinite period of time. So the 3 vulnerabilities I found all got marked as duplicates without any compensation or even acknowledgement of my time writing up the issues. Felt like a complete waste of time.

If you're great, you can probably find novel stuff better than I was able to, but if you're that great you likely already have plenty of employment opportunities.